It is primarily for auth yeah, and if you are just randomizing it then there is not much point to it anyway, so yeah you could remove it (and remove accessing it from your socket module).
Do note, that allows anyone with any webpage anywhere to connect to your socket and do whatever, soooo, keep that in mind. ^.^
Thanks. In terms of anyone from anywhere connecting – they’ll just receive nonsense back down the wire. There isn’t any sort of malicious input they could submit, is there?